From c79fa3e212e8bb49f950da3c3218e32e3b9df2ec Mon Sep 17 00:00:00 2001 From: Joris Date: Sun, 1 Nov 2015 20:10:28 +0100 Subject: Give access to sharedCost if someone click on the sign in link and is already connected --- src/server/Controller/SignIn.hs | 49 +++++++++++++++++++++++++++-------------- src/server/Secure.hs | 1 + 2 files changed, 34 insertions(+), 16 deletions(-) (limited to 'src/server') diff --git a/src/server/Controller/SignIn.hs b/src/server/Controller/SignIn.hs index 5306ee1..31cd510 100644 --- a/src/server/Controller/SignIn.hs +++ b/src/server/Controller/SignIn.hs @@ -18,6 +18,7 @@ import qualified Data.Text as T import qualified Data.Text.Lazy as TL import qualified Data.Text.Encoding as TE import Data.Time.Clock (getCurrentTime, diffUTCTime) +import Data.Maybe (isJust) import qualified LoginSession @@ -35,6 +36,8 @@ import Model.Message (getMessage) import Json (jsonError) +import Secure (getUserFromToken) + import qualified View.Mail.SignIn as SignIn signIn :: Config -> Text -> ActionM () @@ -59,24 +62,38 @@ signIn config login = validateSignIn :: Config -> Text -> ActionM () validateSignIn config textToken = do - mbToken <- liftIO . runDb $ getSignInToken textToken - now <- liftIO getCurrentTime + alreadySigned <- isAlreadySigned + if alreadySigned + then + redirect "/" + else do + mbSignIn <- liftIO . runDb $ getSignInToken textToken + now <- liftIO getCurrentTime + case mbSignIn of + Just signIn -> + if signInIsUsed . entityVal $ signIn + then + redirectError (getMessage SignInUsed) + else + let diffTime = now `diffUTCTime` (signInCreation . entityVal $ signIn) + in if diffTime > (fromIntegral $ (signInExpirationMn config) * 60) + then + redirectError (getMessage SignInExpired) + else do + LoginSession.put (signInToken . entityVal $ signIn) + liftIO . runDb . signInTokenToUsed . entityKey $ signIn + redirect "/" + Nothing -> + redirectError (getMessage SignInInvalid) + +isAlreadySigned :: ActionM Bool +isAlreadySigned = do + mbToken <- LoginSession.get case mbToken of - Just token -> - if signInIsUsed . entityVal $ token - then - redirectError (getMessage SignInUsed) - else - let diffTime = now `diffUTCTime` (signInCreation . entityVal $ token) - in if diffTime > (fromIntegral $ (signInExpirationMn config) * 60) - then - redirectError (getMessage SignInExpired) - else do - LoginSession.put (signInToken . entityVal $ token) - liftIO . runDb . signInTokenToUsed . entityKey $ token - redirect "/" Nothing -> - redirectError (getMessage SignInInvalid) + return False + Just token -> do + liftIO . runDb . fmap isJust $ getUserFromToken token redirectError :: Text -> ActionM () redirectError msg = diff --git a/src/server/Secure.hs b/src/server/Secure.hs index 8565098..192fa10 100644 --- a/src/server/Secure.hs +++ b/src/server/Secure.hs @@ -2,6 +2,7 @@ module Secure ( loggedAction + , getUserFromToken ) where import Web.Scotty -- cgit v1.2.3